CVE-2026-47425

MEDIUMPre-NVD 0.0
0.0
EchelonGraph verdictMonitorLow exploitation likelihood right now — keep watching.
  • No confirmed exploitation signals yet
CISA-KEV: Not listedEPSS: 0%CVSS: Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

rattler has an entry-point path traversal in noarch:python install (arbitrary file write)

Summary

EntryPoint::FromStr in rattler_conda_types performs only .trim() on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, \, or an absolute path; the resulting file is written outside the prefix (or clobbers an existing in-prefix entry-point such as bin/pip) with mode 0o775 on Unix and a copied launcher .exe on Windows. This affects the default install path of pixi install, rattler-build, some methods in py-rattler, and any other consumer of the rattler install crate; no flag or post-link-script opt-in is involved.

Resolved in https://github.com/conda/rattler/pull/2445, released in rattler 0.43.2.

Affected

  • Repository: https://github.com/conda/rattler
  • Commit: a0e61a33da8b9d6de712fab2a879fa9da977e6e3 (HEAD at audit time, 2026-05-13 release)
  • Downstream consumers reached through the same code path: prefix-dev/pixi @ e640477
  • pixi 0.69.0 and rattler-build 0.65.0 fix this issue

Researcher

Berkant Koc PGP: 0C588DFD76204987284213EA0AC529C41F8AA5D6

CVSS v3
EG Score
0.0(none)
EPSS
18.5%
KEV
Not listed

Published

June 1, 2026

Last Modified

June 1, 2026

Vendor Advisories for CVE-2026-47425(1)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Affected Packages

(2 across 2 ecosystems)
crates.io(1)
PackageVulnerable rangeFixed inDependents
rattler0.43.2
PyPI(1)
PackageVulnerable rangeFixed inDependents
py-rattler0.1.0 ... 0.9.1 (36 versions)0.24.0

Data Freshness Timeline

(refreshed 0× in last 7d / 4× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

  1. 2026-06-14 23:18 UTCEPSS rescore
  2. 2026-06-13 23:00 UTCEPSS rescore
  3. 2026-06-13 04:49 UTCEG score recompute
  4. 2026-06-12 23:12 UTCEPSS rescore
  5. 2026-06-01 14:49 UTCEG score recompute

Frequently asked(4)

What is CVE-2026-47425?
CVE-2026-47425 is a medium vulnerability published on June 1, 2026. rattler has an entry-point path traversal in noarch:python install (arbitrary file write) Summary EntryPoint::FromStr in rattlercondatypes performs only .trim() on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python…
When was CVE-2026-47425 disclosed?
CVE-2026-47425 was first published in the National Vulnerability Database on June 1, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2026-47425 actively exploited?
CVE-2026-47425 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 18.5% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
How do I remediate CVE-2026-47425?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-47425, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2026-47425

Explore →

Is Your Infrastructure Affected by CVE-2026-47425?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.